Ron Wyden Wants The DOJ To Provide Answers On Stingray Devices' Disruption Of Emergency Call Service

from the gotta-risk-lives-to-save-lives-or-whatever dept

The FBI has admitted -- albeit not that publicly -- that Stingray devices disrupt phone service. Spoofing a cell tower has negative effects on innocent phone users as the device plays man-in-the-middle while trying to locate the targeted device. An unsealed document from a criminal prosecution and assertions made in warrant affidavits alleging "minimal" disruption are all we have to go on, at least in terms of official statements.

Supposedly, Stingrays are supposed to allow 911 service to continue uninterrupted. But it's hard to square that with the fact every phone in the device's range is forced to connect to the Stingray first before being allowed to connect with a real cell tower. In some cases, the device might force every phone in range to drop to a 2G connection. This may still allow 911 calls to take place, but almost any other form of communication will be impossible as long as the Stingray is in use.

Ron Wyden's staff technologist, Chris Soghoian (formerly of the ACLU), will be fielding answers from the DOJ and FBI about 911 service disruptions, if those answers ever arrive. Wyden's office has sent a letter [PDF] demanding to know the extent of cell service disruption when Stingrays are deployed. And he'd also like to know if these agencies are being honest about the negative side effects when agents seek warrants.

1. The Communications Act of 1934 prohibits willful or malicious interference with licensed radio communications. How is a federal law enforcement agency's use of a cell-site simulator not authorized by a court order consistent with the prohibition on interference with radio communications in 47 U.S.C. 333?

2. Is it the position of DOJ that a search warrant authorizing a federal law enforcement agency to use a cell-site simulator overrides the statutory prohibition on interference in 47 U.S.C. 333? If yes, please explain Why.

3. Does DOJ believe that it has an obligation under the duty of candor to notify federal courts considering an application for the use of a cell-site simulator that federal law prohibits interference with cellular communications? If not, please explain why.

4. Is it the position of DOJ that it is lawful, with or without a court order, for a federal law enforcement agency to interfere with licensed radio communications such that it disrupts a surveillance target's emergency cellular communications with 9-1-1? If yes, please explain why.

We'll see if Wyden gets his answers. The DOJ still has yet to answer similar questions Wyden asked last year, and there's little reason to believe its response time to questions it doesn't want to answer has improved since 2017.

There is evidence cell site simulators do interfere with 911 service, even if the US government has yet to admit it. A document obtained by the ACLU from the Royal Canadian Mounted Police clearly states cell site simulators have negative effects on emergency calls.

The MDI [Mobile Device Identifier] will shut itself off if a mobile within its range dials 911. However, recent testing at HQ revealed that more than 50% of the GSM mobile telephones tested had not automatically completed their 911 calls after the MDI had shut itself off.

This memo says the RCMP should inform judges of this possible side effect when seeking warrants and use a 3-minutes-on, 2-minutes-off cycle to minimize cell service disruption and overcollection of cell data from non-targets. If the DOJ has directed the FBI to engage in practices like these, it has yet to make that information public. From what little has been gleaned from public statements and begrudging answers to legislators and Congressional committees, the FBI's use of Stingrays appears to only be constrained by a warrant requirement that is merely the DOJ's internal policy, rather than codified by law.

Re: Answers: 1) No: not malicious. 2) See #1. 3) See #1. 4) See #1.

Second, if you're so gung-ho about law enforcement using cell-site simulators that downgrade a cell phone connection and delay calls to 911, then you should be perfectly fine with law enforcement installing these devices everywhere so they can just listen in whenever they need to, right?

erroneously assuming a risk without proper consideration.

I don't even agree with the 3 minute on 2 minute off approach. In an emergency, seconds matter. If you are allowing any disruption you are basically saying that if someone dies thats okay because it was more important to find a cell phone than get someone prompt medical help.

In a low density area there is less chance of someone needing to call 911 at the same time you deploy the device but in densely populated areas you run a much greater risk.

How can any organization assume that risk without the input of the citizens in their area?

Re: erroneously assuming a risk without proper consideration.

If you are allowing any disruption you are basically saying that if someone dies thats okay because it was more important to find a cell phone than get someone prompt medical help.
[...]
How can any organization assume that risk without the input of the citizens in their area?

Either the organizations hadn't thought it through, or don't care about public safety.

"That is price we are willing to (have the public) pay."

Given the insane fact that there are still people in positions where they absolutely do know better yet still push for unicorn gates/broken encryption, which stands to cause massive harm to the public if implemented, I'm pretty sure it's the latter.